[SquirrelMail] SquirrelSpell Remote Shell Command Execution Vulnerability
Post #1 (permalink)   01-26-2002, 05:28 PM
Homer (HD Addict)
Join Date: Jan 2002
Posts: 122

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system.

The SquirrelSpell plugin for SquirrelMail may, if called directly, pass user-supplied input to a shell command. If the input contains shell metacharacters, arbitrary commands may be executed. Exploitation of this vulnerability may lead to local access as the non-privileged user 'nobody'.


Vulnerable:
SquirrelMail SquirrelSpell 0.3.5
+ SquirrelMail SquirrelMail 1.2.3

Earlier versions of SquirrelSpell may share this vulnerability.
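
The bug class described in the post above, as an added PHP illustration that is not part of the original post and is not SquirrelSpell's code: request input spliced into a shell command line, next to a hardened form that refuses direct calls, allowlists the value and starts the program without a shell. The `ispell` binary, the `APP_ENTRY` constant, the dictionary names and all function names are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; "ispell" as the checker binary is an assumption.
const ALLOWED_DICTS = ['english', 'american', 'british'];

// Vulnerable pattern (returned as a string, never executed here): request input
// is spliced into a shell command line, so metacharacters reach the shell.
function unsafe_command_line(string $dict): string
{
    return "ispell -a -d $dict";
}

// Hardened: refuse direct calls, allowlist the value, and build an argv array.
function spell_argv(string $dict): array
{
    if (!defined('APP_ENTRY')) {   // set only by the application's entry point
        throw new RuntimeException('plugin file requested directly');
    }
    if (!in_array($dict, ALLOWED_DICTS, true)) {
        throw new InvalidArgumentException('unknown dictionary');
    }
    return ['ispell', '-a', '-d', $dict];
}

// PHP >= 7.4: an array command makes proc_open() start the program without a shell.
function run_checker(array $argv, string $text): string
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start spell checker');
    }
    fwrite($pipes[0], $text);
    fclose($pipes[0]);
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed sample inputs; run_checker() is not called, so ispell is not needed.
define('APP_ENTRY', true);
foreach (['english', 'english; echo INJECTED'] as $input) {
    echo "shell would see: ", unsafe_command_line($input), "\n";
    try {
        echo "argv: ", json_encode(spell_argv($input)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", json_encode($input), "\n";
    }
}
```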
 
 
 


Post #2 (permalink)   01-26-2002, 05:43 PM
hypernatic.net
Posts: n/a

Ack,

thank god I didn't install that
 
 
 